Updated on 2024-10-09 GMT+08:00

CFW Permissions and Supported Actions

This topic describes fine-grained permissions management for your CFW instances. If your Huawei Cloud account does not need individual IAM users, you can skip this topic.

By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

You can grant users permissions by using roles and policies.

  • Roles: Provided by IAM to define service-based permissions based on users' job responsibilities.
  • Policies: A type of fine-grained authorization mechanism that defines the permissions required to perform operations on specific cloud resources under certain conditions.

If the peak TPS is greater than 2000, local authentication is required.

Supported Actions

CFW provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.

  • Permission: A statement in a policy that allows or denies certain operations.
  • Action: Specific operations that are allowed or denied.

| Permission | Action |
|---|---|
| Create a cloud firewall | cfw:instance:create |
| Add CFW capacity | cfw:instance:alterSpec |
| Delete a cloud firewall | cfw:instance:delete |
| Query a cloud firewall | cfw:instance:get |
| Query the cloud firewall list | cfw:instance:list |
| Enable or disable EIP protection | cfw:eip:operate |
| Query the EIP list | cfw:eip:list |
| Query EIP statistics | cfw:eipStatistics:get |
| Query policy statistics | cfw:policyStatistics:get |
| Create an ACL rule | cfw:acl:create |
| Modify an ACL rule | cfw:acl:put |
| Delete an ACL rule | cfw:acl:delete |
| Query the ACL rule list | cfw:acl:list |
| Configure ACL rule priority | cfw:acl:setPriority |
| Create a blacklist or whitelist | cfw:blackWhite:create |
| Modify a blacklist or whitelist | cfw:blackWhite:put |
| Delete a blacklist or whitelist | cfw:blackWhite:delete |
| Query a blacklist or whitelist | cfw:blackWhite:list |
| Create an IP address group | cfw:ipGroup:create |
| Modify an IP address group | cfw:ipGroup:put |
| Delete an IP address group | cfw:ipGroup:delete |
| Query the IP address group list | cfw:ipGroup:list |
| Query the details of an IP address group | cfw:ipGroup:get |
| Add a member to an IP address group | cfw:ipMember:create |
| Update a member in an IP address group | cfw:ipMember:put |
| Delete a member from an IP address group | cfw:ipMember:delete |
| Query IP address group members | cfw:ipMember:list |
| Create a service group | cfw:serviceGroup:create |
| Modify a service group | cfw:serviceGroup:put |
| Delete a service group | cfw:serviceGroup:delete |
| Query the details about a service group | cfw:serviceGroup:get |
| Query the service group list | cfw:serviceGroup:list |
| Add a member to a service group | cfw:serviceMember:create |
| Update a member in a service group | cfw:serviceMember:put |
| Delete a member from a service group | cfw:serviceMember:delete |
| Query service group members | cfw:serviceMember:list |
| Query the ACL log list | cfw:accessControlLog:list |
| Query the traffic log list | cfw:flowLog:list |
| Query the attack log list | cfw:attackLog:list |
| Query the traffic log report | cfw:flowLogReport:get |
| Query the ACL log report | cfw:accessControlLogReport:get |
| Query the attack log report | cfw:attackLogReport:get |
| Enable basic protection | cfw:ips:start |
| Disable basic protection | cfw:ips:stop |
| Query basic protection status | cfw:ipsStatus:get |
| Configure the IPS mode | cfw:ipsMode:operate |
| Query the IPS mode | cfw:ipsMode:get |
| Create a packet capture task | cfw:captureTask:create |
| Query the packet capture task list | cfw:captureTask:list |
| Batch delete packet capture tasks | cfw:captureTask:delete |
| Stop a packet capture task | cfw:captureTask:stop |
| Download packet capture results | cfw:captureTask:getResult |
| Query CFW instance resources | cfw:resource:list |
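
The following is an added example, not part of the Huawei Cloud documentation: a Python check that expands the wildcard patterns in a custom policy against the actions listed above and reports every granted action that is not a plain read. The policy layout (`Version` 1.1 with `Effect`/`Action` statements), glob-style wildcard matching and deny-overrides-allow evaluation are assumptions of this example, and `READ_ONLY_WILDCARD` and `HARDENED` are constructed sample policies.

```python
from fnmatch import fnmatchcase

# Every action name listed on this page.
CFW_ACTIONS = """
cfw:instance:create cfw:instance:alterSpec cfw:instance:delete cfw:instance:get cfw:instance:list
cfw:eip:operate cfw:eip:list cfw:eipStatistics:get cfw:policyStatistics:get
cfw:acl:create cfw:acl:put cfw:acl:delete cfw:acl:list cfw:acl:setPriority
cfw:blackWhite:create cfw:blackWhite:put cfw:blackWhite:delete cfw:blackWhite:list
cfw:ipGroup:create cfw:ipGroup:put cfw:ipGroup:delete cfw:ipGroup:list cfw:ipGroup:get
cfw:ipMember:create cfw:ipMember:put cfw:ipMember:delete cfw:ipMember:list
cfw:serviceGroup:create cfw:serviceGroup:put cfw:serviceGroup:delete cfw:serviceGroup:get cfw:serviceGroup:list
cfw:serviceMember:create cfw:serviceMember:put cfw:serviceMember:delete cfw:serviceMember:list
cfw:accessControlLog:list cfw:flowLog:list cfw:attackLog:list
cfw:flowLogReport:get cfw:accessControlLogReport:get cfw:attackLogReport:get
cfw:ips:start cfw:ips:stop cfw:ipsStatus:get cfw:ipsMode:operate cfw:ipsMode:get
cfw:captureTask:create cfw:captureTask:list cfw:captureTask:delete cfw:captureTask:stop cfw:captureTask:getResult
cfw:resource:list
""".split()

# Assumption of this example: only the exact verbs "get" and "list" are read-only.
READ_VERBS = {"get", "list"}

def effective_actions(policy):
    """Expand wildcards per statement; an explicit Deny overrides any Allow."""
    allowed, denied = set(), set()
    for stmt in policy["Statement"]:
        bucket = allowed if stmt["Effect"] == "Allow" else denied
        for pattern in stmt["Action"]:
            bucket.update(a for a in CFW_ACTIONS if fnmatchcase(a, pattern))
    return allowed - denied

def risky_grants(policy):
    """Granted actions whose verb is not a plain read (changes state or exports data)."""
    return sorted(a for a in effective_actions(policy)
                  if a.rsplit(":", 1)[1] not in READ_VERBS)

# Constructed sample policies (hypothetical, not taken from the page).
READ_ONLY_WILDCARD = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["cfw:*:get*", "cfw:*:list*"]}]}
HARDENED = {"Version": "1.1", "Statement": READ_ONLY_WILDCARD["Statement"] + [
    {"Effect": "Deny", "Action": ["cfw:captureTask:getResult"]}]}

if __name__ == "__main__":
    print(risky_grants(READ_ONLY_WILDCARD))
    print(risky_grants(HARDENED))
```

A pattern such as `cfw:*:get*` looks read-only but also matches `cfw:captureTask:getResult`, which downloads packet capture results; the second sample policy closes that gap with an explicit deny.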